Lucene search

3380 matches found

OPENSUSE Linux
added 2022/03/15 12:0 a.m. | 107 views

Security update for openssl-1_0_0 (important)

openSUSE Security Update: Security update for openssl-1_0_0 Announcement ID: openSUSE-SU-2022:0856-1 Rating: important References: 1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 openSUSE...

CVSS 7.5 | AI score 7.3 | EPSS 0.70561
Exploits: 2 | References: 1
OPENSUSE Linux
added 2022/03/14 12:0 a.m. | 52 views

Security update for java-11-openjdk (moderate)

openSUSE Security Update: Security update for java-11-openjdk Announcement ID: openSUSE-SU-2022:0816-1 Rating: moderate References: 1194925 1194926 1194927 1194928 1194929 1194930 1194931 1194932 1194933 1194934 1194935 1194937 1194939 1194940 1194941 Cross-References: CVE-2022-21248 CVE-2022-212...

CVSS 5.3 | AI score 6.5 | EPSS 0.08346
Exploits: 0 | References: 15
OSV
added 2022/03/11 6:15 p.m. | 9 views

CVE-2021-26401

LFENCE/JMP mitigation V2-2 may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs...

CVSS 5.6 | AI score 6.9
Exploits: 0 | References: 3
Huntr
added 2022/03/11 5:8 p.m. | 24 views

Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop's Other Settings, Shop's Autorespond E-mail Settings and Shops' Payments Methods

Description 1 Checkout URL and Custom order id parameters are vulnerable to stored XSS, which are located in Shop Settings other settings Advanced 2 From e-mail address and From name parameters are vulnerable to stored XSS, which are located in Shop Settings Autorespond E-mail settings check your...

CVSS 3.5 | AI score 5.3 | EPSS 0.03197
Exploits: 1
Malwarebytes
added 2022/03/10 1:31 p.m. | 12 views

Extortion scheme impersonates government officials, law enforcement

The FBI issued a public warning this week about a fraud scheme wherein scammers impersonate government officials and law enforcement personnel. According to the PSA, the scammers spoof legitimate numbers and names and use fake credentials of well-known members of the government and law enforcemen...

AI score 1.4
Exploits: 0
Malwarebytes
added 2022/03/10 12:46 p.m. | 24 views

Brave browser goes the extra mile to block third party cookies

Brave is testing a new feature to stop bounce tracking, a sneaky method that websites use to load third-party tracking cookies so they can gather more information about who is visiting their site. The Brave browser As you may remember from our post about the best browsers for privacy and security...

AI score 0.5
Exploits: 0
Github Security Blog
added 2022/03/08 9:25 p.m. | 49 views

Possible code injection vulnerability in Rails / Active Storage

The Active Storage module of Rails starting with version 5.2.0 is possibly vulnerable to code injection. This issue was patched in versions 5.2.6.3, 6.0.4.7, 6.1.4.7, and 7.0.2.3. To work around this issue, applications should implement a strict allow-list on accepted transformation methods or...

CVSS 9.8 | AI score 3.1 | EPSS 0.02821
Exploits: 0 | References: 9 | Affected Software: 1
OPENSUSE Linux
added 2022/03/06 12:0 a.m. | 27 views

Security update for perl-App-cpanminus (moderate)

openSUSE Security Update: Security update for perl-App-cpanminus Announcement ID: openSUSE-SU-2022:0074-1 Rating: moderate References: Cross-References: CVE-2020-16154 CVSS scores: CVE-2020-16154 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-S...

CVSS 7.8 | AI score 7.5 | EPSS 0.00713
Exploits: 1
OPENSUSE Linux
added 2022/03/04 12:0 a.m. | 42 views

Security update for go1.17 (important)

openSUSE Security Update: Security update for go1.17 Announcement ID: openSUSE-SU-2022:0723-1 Rating: important References: 1190649 1195834 1195835 1195838 Cross-References: CVE-2022-23772 CVE-2022-23773 CVE-2022-23806 CVSS scores: CVE-2022-23772 NVD : 7.5...

CVSS 7.5 | AI score 9.6 | EPSS 0.03015
Exploits: 0 | References: 4
OPENSUSE Linux
added 2022/03/04 12:0 a.m. | 46 views

Security update for flatpak (important)

openSUSE Security Update: Security update for flatpak Announcement ID: openSUSE-SU-2022:0712-1 Rating: important References: 1194610 1194611 Cross-References: CVE-2021-43860 CVE-2022-21682 CVSS scores: CVE-2021-43860 NVD : 8.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2022-21682 NVD : 6.5...

CVSS 6.5 | AI score 6.8 | EPSS 0.01712
Exploits: 0 | References: 2
CNNVD
added 2022/03/03 12:0 a.m. | 3 views

ARM Mali GPU Buffer Error Vulnerability

ARM Mali GPUs are a family of mobile display chipsets GPUs from the British company ARM. Like other 3D display chips based on IP cores embedded technology, the Mali display chipset does not provide a display controller similar to a graphics card specifically designed to drive an LCD monitor to...

CVSS 7.8 | AI score 8 | EPSS 0.01216
Exploits: 0 | References: 2
Tenable Nessus
added 2022/03/01 12:0 a.m. | 20 views

MySQLjs SQL Injection Authentication Bypass

An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. Typically, query escape functions or placeholders are known to prevent SQL injections. However, mysqljs/mysql is known to have different escape methods over different...

AI score 8.2
Exploits: 0 | References: 2
Patchstack
added 2022/02/28 12:0 a.m. | 16 views

WordPress WooCommerce Disable Payment Methods based on cart conditions plugin < 1.13.1.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress WooCommerce Disable Payment Methods based on cart conditions plugin versions 1.13.1.1. Solution Update the WordPress WooCommerce Disable Payment Methods based on cart conditions plugin to the latest available version at least...

AI score 2.3
Exploits: 0 | References: 2 | Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m. | 8 views

WordPress WooCommerce Disable Payment Methods based on cart conditions plugin < 1.13.1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WooCommerce Disable Payment Methods based on cart conditions plugin versions 1.13.1.1. Solution Update the WordPress WooCommerce Disable Payment Methods based on cart conditions plugin to the latest...

AI score 3.5
Exploits: 0 | References: 2 | Affected Software: 1
OPENSUSE Linux
added 2022/02/24 12:0 a.m. | 35 views

Security update for jasper (moderate)

openSUSE Security Update: Security update for jasper Announcement ID: openSUSE-SU-2022:0562-1 Rating: moderate References: 1188437 Cross-References: CVE-2021-27845 CVSS scores: CVE-2021-27845 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-27845 SUSE: 4...

CVSS 4 | AI score 6.6 | EPSS 0.0063
Exploits: 1 | References: 1
OPENSUSE Linux
added 2022/02/21 12:0 a.m. | 22 views

Security update for jaw (moderate)

openSUSE Security Update: Security update for jaw Announcement ID: openSUSE-SU-2022:0045-1 Rating: moderate References: 1194358 Cross-References: CVE-2022-21653 CVSS scores: CVE-2022-21653 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP2 An...

CVSS 7.5 | AI score 7.4 | EPSS 0.00793
Exploits: 1 | References: 1
OPENSUSE Linux
added 2022/02/18 12:0 a.m. | 29 views

Security update for rust (moderate)

openSUSE Security Update: Security update for rust Announcement ID: openSUSE-SU-2022:0491-1 Rating: moderate References: 1194767 Cross-References: CVE-2022-21658 CVSS scores: CVE-2022-21658 NVD : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-21658 SUSE: 6.2...

CVSS 6.2 | AI score 6.9 | EPSS 0.01376
Exploits: 1 | References: 1
Code423n4
added 2022/02/17 12:0 a.m. | 9 views

[WP-H3] Centralization Risk: Funds can be frozen when critical key holders lose access to their keys

Lines of code Vulnerability details The current implementation requires trusted key holders (DEFAULT_ADMIN_ROLE) of BribeVault to send transactions (transferBribes) to move funds from BribeVault to RewardDistributor before the users can get rewards from the contract. This introduces a high centralizati...

AI score 6.7
Exploits: 0
Code423n4
added 2022/02/17 12:0 a.m. | 9 views

[WP-H4] Input should be validated on-chain to avoid fund loss caused by admin's misinput

Lines of code Vulnerability details In the current design/implementation, the admin of BribeVault is a super privileged role of the system. However, the inputs of the admin to some of the most critical methods are not being validated properly. This can lead to loss of funds to users caused by the...

AI score 6.8
Exploits: 0
ThreatPost
added 2022/02/16 1:39 p.m. | 234 views

Emotet Now Spreading Through Malicious Excel Files

The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. Researchers at Palo Alto Networks Unit 42 have observed a new infection approach for the high-volume malware, which is known to modify and change its...

AI score 8.8
Exploits: 0 | References: 10